//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2021 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto/tree/main/CodeGenerator. DO NOT EDIT.

import Foundation
import SotoCore

extension ACMPCA {
    // MARK: Enums

    public enum AccessMethodType: String, CustomStringConvertible, Codable {
        case caRepository = "CA_REPOSITORY"
        case resourcePkiManifest = "RESOURCE_PKI_MANIFEST"
        case resourcePkiNotify = "RESOURCE_PKI_NOTIFY"
        public var description: String { return self.rawValue }
    }

    public enum ActionType: String, CustomStringConvertible, Codable {
        case getcertificate = "GetCertificate"
        case issuecertificate = "IssueCertificate"
        case listpermissions = "ListPermissions"
        public var description: String { return self.rawValue }
    }

    public enum AuditReportResponseFormat: String, CustomStringConvertible, Codable {
        case csv = "CSV"
        case json = "JSON"
        public var description: String { return self.rawValue }
    }

    public enum AuditReportStatus: String, CustomStringConvertible, Codable {
        case creating = "CREATING"
        case failed = "FAILED"
        case success = "SUCCESS"
        public var description: String { return self.rawValue }
    }

    public enum CertificateAuthorityStatus: String, CustomStringConvertible, Codable {
        case active = "ACTIVE"
        case creating = "CREATING"
        case deleted = "DELETED"
        case disabled = "DISABLED"
        case expired = "EXPIRED"
        case failed = "FAILED"
        case pendingCertificate = "PENDING_CERTIFICATE"
        public var description: String { return self.rawValue }
    }

    public enum CertificateAuthorityType: String, CustomStringConvertible, Codable {
        case root = "ROOT"
        case subordinate = "SUBORDINATE"
        public var description: String { return self.rawValue }
    }

    public enum ExtendedKeyUsageType: String, CustomStringConvertible, Codable {
        case certificateTransparency = "CERTIFICATE_TRANSPARENCY"
        case clientAuth = "CLIENT_AUTH"
        case codeSigning = "CODE_SIGNING"
        case documentSigning = "DOCUMENT_SIGNING"
        case emailProtection = "EMAIL_PROTECTION"
        case ocspSigning = "OCSP_SIGNING"
        case serverAuth = "SERVER_AUTH"
        case smartCardLogin = "SMART_CARD_LOGIN"
        case timeStamping = "TIME_STAMPING"
        public var description: String { return self.rawValue }
    }

    public enum FailureReason: String, CustomStringConvertible, Codable {
        case other = "OTHER"
        case requestTimedOut = "REQUEST_TIMED_OUT"
        case unsupportedAlgorithm = "UNSUPPORTED_ALGORITHM"
        public var description: String { return self.rawValue }
    }

    public enum KeyAlgorithm: String, CustomStringConvertible, Codable {
        case ecPrime256V1 = "EC_prime256v1"
        case ecSecp384R1 = "EC_secp384r1"
        case rsa2048 = "RSA_2048"
        case rsa4096 = "RSA_4096"
        public var description: String { return self.rawValue }
    }

    public enum PolicyQualifierId: String, CustomStringConvertible, Codable {
        case cps = "CPS"
        public var description: String { return self.rawValue }
    }

    public enum ResourceOwner: String, CustomStringConvertible, Codable {
        case otherAccounts = "OTHER_ACCOUNTS"
        case `self` = "SELF"
        public var description: String { return self.rawValue }
    }

    public enum RevocationReason: String, CustomStringConvertible, Codable {
        case aACompromise = "A_A_COMPROMISE"
        case affiliationChanged = "AFFILIATION_CHANGED"
        case certificateAuthorityCompromise = "CERTIFICATE_AUTHORITY_COMPROMISE"
        case cessationOfOperation = "CESSATION_OF_OPERATION"
        case keyCompromise = "KEY_COMPROMISE"
        case privilegeWithdrawn = "PRIVILEGE_WITHDRAWN"
        case superseded = "SUPERSEDED"
        case unspecified = "UNSPECIFIED"
        public var description: String { return self.rawValue }
    }

    public enum SigningAlgorithm: String, CustomStringConvertible, Codable {
        case sha256withecdsa = "SHA256WITHECDSA"
        case sha256withrsa = "SHA256WITHRSA"
        case sha384withecdsa = "SHA384WITHECDSA"
        case sha384withrsa = "SHA384WITHRSA"
        case sha512withecdsa = "SHA512WITHECDSA"
        case sha512withrsa = "SHA512WITHRSA"
        public var description: String { return self.rawValue }
    }

    public enum ValidityPeriodType: String, CustomStringConvertible, Codable {
        case absolute = "ABSOLUTE"
        case days = "DAYS"
        case endDate = "END_DATE"
        case months = "MONTHS"
        case years = "YEARS"
        public var description: String { return self.rawValue }
    }

    // MARK: Shapes

    public struct ASN1Subject: AWSEncodableShape & AWSDecodableShape {
        /// For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit.  Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
        public let commonName: String?
        /// Two-digit code that specifies the country in which the certificate subject located.
        public let country: String?
        /// Disambiguating information for the certificate subject.
        public let distinguishedNameQualifier: String?
        /// Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
        public let generationQualifier: String?
        /// First name.
        public let givenName: String?
        /// Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
        public let initials: String?
        /// The locality (such as a city or town) in which the certificate subject is located.
        public let locality: String?
        /// Legal name of the organization with which the certificate subject is affiliated.
        public let organization: String?
        /// A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
        public let organizationalUnit: String?
        /// Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
        public let pseudonym: String?
        /// The certificate serial number.
        public let serialNumber: String?
        /// State in which the subject of the certificate is located.
        public let state: String?
        /// Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
        public let surname: String?
        /// A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
        public let title: String?

        public init(commonName: String? = nil, country: String? = nil, distinguishedNameQualifier: String? = nil, generationQualifier: String? = nil, givenName: String? = nil, initials: String? = nil, locality: String? = nil, organization: String? = nil, organizationalUnit: String? = nil, pseudonym: String? = nil, serialNumber: String? = nil, state: String? = nil, surname: String? = nil, title: String? = nil) {
            self.commonName = commonName
            self.country = country
            self.distinguishedNameQualifier = distinguishedNameQualifier
            self.generationQualifier = generationQualifier
            self.givenName = givenName
            self.initials = initials
            self.locality = locality
            self.organization = organization
            self.organizationalUnit = organizationalUnit
            self.pseudonym = pseudonym
            self.serialNumber = serialNumber
            self.state = state
            self.surname = surname
            self.title = title
        }

        public func validate(name: String) throws {
            try self.validate(self.commonName, name: "commonName", parent: name, max: 64)
            try self.validate(self.commonName, name: "commonName", parent: name, min: 0)
            try self.validate(self.country, name: "country", parent: name, max: 2)
            try self.validate(self.country, name: "country", parent: name, min: 2)
            try self.validate(self.country, name: "country", parent: name, pattern: "[A-Za-z]{2}")
            try self.validate(self.distinguishedNameQualifier, name: "distinguishedNameQualifier", parent: name, max: 64)
            try self.validate(self.distinguishedNameQualifier, name: "distinguishedNameQualifier", parent: name, min: 0)
            try self.validate(self.distinguishedNameQualifier, name: "distinguishedNameQualifier", parent: name, pattern: "[a-zA-Z0-9'()+-.?:/= ]*")
            try self.validate(self.generationQualifier, name: "generationQualifier", parent: name, max: 3)
            try self.validate(self.generationQualifier, name: "generationQualifier", parent: name, min: 0)
            try self.validate(self.givenName, name: "givenName", parent: name, max: 16)
            try self.validate(self.givenName, name: "givenName", parent: name, min: 0)
            try self.validate(self.initials, name: "initials", parent: name, max: 5)
            try self.validate(self.initials, name: "initials", parent: name, min: 0)
            try self.validate(self.locality, name: "locality", parent: name, max: 128)
            try self.validate(self.locality, name: "locality", parent: name, min: 0)
            try self.validate(self.organization, name: "organization", parent: name, max: 64)
            try self.validate(self.organization, name: "organization", parent: name, min: 0)
            try self.validate(self.organizationalUnit, name: "organizationalUnit", parent: name, max: 64)
            try self.validate(self.organizationalUnit, name: "organizationalUnit", parent: name, min: 0)
            try self.validate(self.pseudonym, name: "pseudonym", parent: name, max: 128)
            try self.validate(self.pseudonym, name: "pseudonym", parent: name, min: 0)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, max: 64)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, min: 0)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, pattern: "[a-zA-Z0-9'()+-.?:/= ]*")
            try self.validate(self.state, name: "state", parent: name, max: 128)
            try self.validate(self.state, name: "state", parent: name, min: 0)
            try self.validate(self.surname, name: "surname", parent: name, max: 40)
            try self.validate(self.surname, name: "surname", parent: name, min: 0)
            try self.validate(self.title, name: "title", parent: name, max: 64)
            try self.validate(self.title, name: "title", parent: name, min: 0)
        }

        private enum CodingKeys: String, CodingKey {
            case commonName = "CommonName"
            case country = "Country"
            case distinguishedNameQualifier = "DistinguishedNameQualifier"
            case generationQualifier = "GenerationQualifier"
            case givenName = "GivenName"
            case initials = "Initials"
            case locality = "Locality"
            case organization = "Organization"
            case organizationalUnit = "OrganizationalUnit"
            case pseudonym = "Pseudonym"
            case serialNumber = "SerialNumber"
            case state = "State"
            case surname = "Surname"
            case title = "Title"
        }
    }

    public struct AccessDescription: AWSEncodableShape & AWSDecodableShape {
        /// The location of AccessDescription information.
        public let accessLocation: GeneralName
        /// The type and format of AccessDescription information.
        public let accessMethod: AccessMethod

        public init(accessLocation: GeneralName, accessMethod: AccessMethod) {
            self.accessLocation = accessLocation
            self.accessMethod = accessMethod
        }

        public func validate(name: String) throws {
            try self.accessLocation.validate(name: "\(name).accessLocation")
            try self.accessMethod.validate(name: "\(name).accessMethod")
        }

        private enum CodingKeys: String, CodingKey {
            case accessLocation = "AccessLocation"
            case accessMethod = "AccessMethod"
        }
    }

    public struct AccessMethod: AWSEncodableShape & AWSDecodableShape {
        /// Specifies the AccessMethod.
        public let accessMethodType: AccessMethodType?
        /// An object identifier (OID) specifying the AccessMethod. The OID must satisfy the regular expression shown below. For more information, see NIST's definition of Object Identifier (OID).
        public let customObjectIdentifier: String?

        public init(accessMethodType: AccessMethodType? = nil, customObjectIdentifier: String? = nil) {
            self.accessMethodType = accessMethodType
            self.customObjectIdentifier = customObjectIdentifier
        }

        public func validate(name: String) throws {
            try self.validate(self.customObjectIdentifier, name: "customObjectIdentifier", parent: name, max: 64)
            try self.validate(self.customObjectIdentifier, name: "customObjectIdentifier", parent: name, min: 0)
            try self.validate(self.customObjectIdentifier, name: "customObjectIdentifier", parent: name, pattern: "^([0-2])\\.([0-9]|([0-3][0-9]))((\\.([0-9]+)){0,126})$")
        }

        private enum CodingKeys: String, CodingKey {
            case accessMethodType = "AccessMethodType"
            case customObjectIdentifier = "CustomObjectIdentifier"
        }
    }

    public struct ApiPassthrough: AWSEncodableShape {
        /// Specifies X.509 extension information for a certificate.
        public let extensions: Extensions?
        public let subject: ASN1Subject?

        public init(extensions: Extensions? = nil, subject: ASN1Subject? = nil) {
            self.extensions = extensions
            self.subject = subject
        }

        public func validate(name: String) throws {
            try self.extensions?.validate(name: "\(name).extensions")
            try self.subject?.validate(name: "\(name).subject")
        }

        private enum CodingKeys: String, CodingKey {
            case extensions = "Extensions"
            case subject = "Subject"
        }
    }

    public struct CertificateAuthority: AWSDecodableShape {
        /// Amazon Resource Name (ARN) for your private certificate authority (CA). The format is  12345678-1234-1234-1234-123456789012 .
        public let arn: String?
        /// Your private CA configuration.
        public let certificateAuthorityConfiguration: CertificateAuthorityConfiguration?
        /// Date and time at which your private CA was created.
        public let createdAt: Date?
        /// Reason the request to create your private CA failed.
        public let failureReason: FailureReason?
        /// Date and time at which your private CA was last updated.
        public let lastStateChangeAt: Date?
        /// Date and time after which your private CA certificate is not valid.
        public let notAfter: Date?
        /// Date and time before which your private CA certificate is not valid.
        public let notBefore: Date?
        /// The AWS account ID that owns the certificate authority.
        public let ownerAccount: String?
        /// The period during which a deleted CA can be restored. For more information, see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest action.
        public let restorableUntil: Date?
        /// Information about the certificate revocation list (CRL) created and maintained by your private CA.
        public let revocationConfiguration: RevocationConfiguration?
        /// Serial number of your private CA.
        public let serial: String?
        /// Status of your private CA.
        public let status: CertificateAuthorityStatus?
        /// Type of your private CA.
        public let type: CertificateAuthorityType?

        public init(arn: String? = nil, certificateAuthorityConfiguration: CertificateAuthorityConfiguration? = nil, createdAt: Date? = nil, failureReason: FailureReason? = nil, lastStateChangeAt: Date? = nil, notAfter: Date? = nil, notBefore: Date? = nil, ownerAccount: String? = nil, restorableUntil: Date? = nil, revocationConfiguration: RevocationConfiguration? = nil, serial: String? = nil, status: CertificateAuthorityStatus? = nil, type: CertificateAuthorityType? = nil) {
            self.arn = arn
            self.certificateAuthorityConfiguration = certificateAuthorityConfiguration
            self.createdAt = createdAt
            self.failureReason = failureReason
            self.lastStateChangeAt = lastStateChangeAt
            self.notAfter = notAfter
            self.notBefore = notBefore
            self.ownerAccount = ownerAccount
            self.restorableUntil = restorableUntil
            self.revocationConfiguration = revocationConfiguration
            self.serial = serial
            self.status = status
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case certificateAuthorityConfiguration = "CertificateAuthorityConfiguration"
            case createdAt = "CreatedAt"
            case failureReason = "FailureReason"
            case lastStateChangeAt = "LastStateChangeAt"
            case notAfter = "NotAfter"
            case notBefore = "NotBefore"
            case ownerAccount = "OwnerAccount"
            case restorableUntil = "RestorableUntil"
            case revocationConfiguration = "RevocationConfiguration"
            case serial = "Serial"
            case status = "Status"
            case type = "Type"
        }
    }

    public struct CertificateAuthorityConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// Specifies information to be added to the extension section of the certificate signing request (CSR).
        public let csrExtensions: CsrExtensions?
        /// Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. When you create a subordinate CA, you must use a key algorithm supported by the parent CA.
        public let keyAlgorithm: KeyAlgorithm
        /// Name of the algorithm your private CA uses to sign certificate requests. This parameter should not be confused with the SigningAlgorithm parameter used to sign certificates when they are issued.
        public let signingAlgorithm: SigningAlgorithm
        /// Structure that contains X.500 distinguished name information for your private CA.
        public let subject: ASN1Subject

        public init(csrExtensions: CsrExtensions? = nil, keyAlgorithm: KeyAlgorithm, signingAlgorithm: SigningAlgorithm, subject: ASN1Subject) {
            self.csrExtensions = csrExtensions
            self.keyAlgorithm = keyAlgorithm
            self.signingAlgorithm = signingAlgorithm
            self.subject = subject
        }

        public func validate(name: String) throws {
            try self.csrExtensions?.validate(name: "\(name).csrExtensions")
            try self.subject.validate(name: "\(name).subject")
        }

        private enum CodingKeys: String, CodingKey {
            case csrExtensions = "CsrExtensions"
            case keyAlgorithm = "KeyAlgorithm"
            case signingAlgorithm = "SigningAlgorithm"
            case subject = "Subject"
        }
    }

    public struct CreateCertificateAuthorityAuditReportRequest: AWSEncodableShape {
        /// The format in which to create the report. This can be either JSON or CSV.
        public let auditReportResponseFormat: AuditReportResponseFormat
        /// The Amazon Resource Name (ARN) of the CA to be audited. This is of the form:  arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        public let certificateAuthorityArn: String
        /// The name of the S3 bucket that will contain the audit report.
        public let s3BucketName: String

        public init(auditReportResponseFormat: AuditReportResponseFormat, certificateAuthorityArn: String, s3BucketName: String) {
            self.auditReportResponseFormat = auditReportResponseFormat
            self.certificateAuthorityArn = certificateAuthorityArn
            self.s3BucketName = s3BucketName
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.validate(self.s3BucketName, name: "s3BucketName", parent: name, max: 63)
            try self.validate(self.s3BucketName, name: "s3BucketName", parent: name, min: 3)
        }

        private enum CodingKeys: String, CodingKey {
            case auditReportResponseFormat = "AuditReportResponseFormat"
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case s3BucketName = "S3BucketName"
        }
    }

    public struct CreateCertificateAuthorityAuditReportResponse: AWSDecodableShape {
        /// An alphanumeric string that contains a report identifier.
        public let auditReportId: String?
        /// The key that uniquely identifies the report file in your S3 bucket.
        public let s3Key: String?

        public init(auditReportId: String? = nil, s3Key: String? = nil) {
            self.auditReportId = auditReportId
            self.s3Key = s3Key
        }

        private enum CodingKeys: String, CodingKey {
            case auditReportId = "AuditReportId"
            case s3Key = "S3Key"
        }
    }

    public struct CreateCertificateAuthorityRequest: AWSEncodableShape {
        /// Name and bit size of the private key algorithm, the name of the signing algorithm, and X.500 certificate subject information.
        public let certificateAuthorityConfiguration: CertificateAuthorityConfiguration
        /// The type of the certificate authority.
        public let certificateAuthorityType: CertificateAuthorityType
        /// Custom string that can be used to distinguish between calls to the CreateCertificateAuthority action. Idempotency tokens for CreateCertificateAuthority time out after five minutes. Therefore, if you call CreateCertificateAuthority multiple times with the same idempotency token within five minutes, ACM Private CA recognizes that you are requesting only certificate authority and will issue only one. If you change the idempotency token for each call, PCA recognizes that you are requesting multiple certificate authorities.
        public let idempotencyToken: String?
        /// Contains a Boolean value that you can use to enable a certification revocation list (CRL) for the CA, the name of the S3 bucket to which ACM Private CA will write the CRL, and an optional CNAME alias that you can use to hide the name of your bucket in the CRL Distribution Points extension of your CA certificate. For more information, see the CrlConfiguration structure.
        public let revocationConfiguration: RevocationConfiguration?
        /// Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags.
        public let tags: [Tag]?

        public init(certificateAuthorityConfiguration: CertificateAuthorityConfiguration, certificateAuthorityType: CertificateAuthorityType, idempotencyToken: String? = nil, revocationConfiguration: RevocationConfiguration? = nil, tags: [Tag]? = nil) {
            self.certificateAuthorityConfiguration = certificateAuthorityConfiguration
            self.certificateAuthorityType = certificateAuthorityType
            self.idempotencyToken = idempotencyToken
            self.revocationConfiguration = revocationConfiguration
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.certificateAuthorityConfiguration.validate(name: "\(name).certificateAuthorityConfiguration")
            try self.validate(self.idempotencyToken, name: "idempotencyToken", parent: name, max: 36)
            try self.validate(self.idempotencyToken, name: "idempotencyToken", parent: name, min: 1)
            try self.validate(self.idempotencyToken, name: "idempotencyToken", parent: name, pattern: "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]*")
            try self.revocationConfiguration?.validate(name: "\(name).revocationConfiguration")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
            try self.validate(self.tags, name: "tags", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityConfiguration = "CertificateAuthorityConfiguration"
            case certificateAuthorityType = "CertificateAuthorityType"
            case idempotencyToken = "IdempotencyToken"
            case revocationConfiguration = "RevocationConfiguration"
            case tags = "Tags"
        }
    }

    public struct CreateCertificateAuthorityResponse: AWSDecodableShape {
        /// If successful, the Amazon Resource Name (ARN) of the certificate authority (CA). This is of the form:   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        public let certificateAuthorityArn: String?

        public init(certificateAuthorityArn: String? = nil) {
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct CreatePermissionRequest: AWSEncodableShape {
        /// The actions that the specified AWS service principal can use. These include IssueCertificate, GetCertificate, and ListPermissions.
        public let actions: [ActionType]
        /// The Amazon Resource Name (ARN) of the CA that grants the permissions. You can find the ARN by calling the ListCertificateAuthorities action. This must have the following form:   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        public let certificateAuthorityArn: String
        /// The AWS service or identity that receives the permission. At this time, the only valid principal is acm.amazonaws.com.
        public let principal: String
        /// The ID of the calling account.
        public let sourceAccount: String?

        public init(actions: [ActionType], certificateAuthorityArn: String, principal: String, sourceAccount: String? = nil) {
            self.actions = actions
            self.certificateAuthorityArn = certificateAuthorityArn
            self.principal = principal
            self.sourceAccount = sourceAccount
        }

        public func validate(name: String) throws {
            try self.validate(self.actions, name: "actions", parent: name, max: 3)
            try self.validate(self.actions, name: "actions", parent: name, min: 1)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.validate(self.principal, name: "principal", parent: name, max: 128)
            try self.validate(self.principal, name: "principal", parent: name, min: 0)
            try self.validate(self.principal, name: "principal", parent: name, pattern: "^[^*]+$")
            try self.validate(self.sourceAccount, name: "sourceAccount", parent: name, max: 12)
            try self.validate(self.sourceAccount, name: "sourceAccount", parent: name, min: 12)
            try self.validate(self.sourceAccount, name: "sourceAccount", parent: name, pattern: "[0-9]+")
        }

        private enum CodingKeys: String, CodingKey {
            case actions = "Actions"
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case principal = "Principal"
            case sourceAccount = "SourceAccount"
        }
    }

    public struct CrlConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.
        public let customCname: String?
        /// Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority action or for an existing CA when you call the UpdateCertificateAuthority action.
        public let enabled: Bool
        /// Validity period of the CRL in days.
        public let expirationInDays: Int?
        /// Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority action. You must specify a bucket policy that allows ACM Private CA to write the CRL to your bucket.
        public let s3BucketName: String?

        public init(customCname: String? = nil, enabled: Bool, expirationInDays: Int? = nil, s3BucketName: String? = nil) {
            self.customCname = customCname
            self.enabled = enabled
            self.expirationInDays = expirationInDays
            self.s3BucketName = s3BucketName
        }

        public func validate(name: String) throws {
            try self.validate(self.customCname, name: "customCname", parent: name, max: 253)
            try self.validate(self.customCname, name: "customCname", parent: name, min: 0)
            try self.validate(self.expirationInDays, name: "expirationInDays", parent: name, max: 5000)
            try self.validate(self.expirationInDays, name: "expirationInDays", parent: name, min: 1)
            try self.validate(self.s3BucketName, name: "s3BucketName", parent: name, max: 255)
            try self.validate(self.s3BucketName, name: "s3BucketName", parent: name, min: 3)
        }

        private enum CodingKeys: String, CodingKey {
            case customCname = "CustomCname"
            case enabled = "Enabled"
            case expirationInDays = "ExpirationInDays"
            case s3BucketName = "S3BucketName"
        }
    }

    public struct CsrExtensions: AWSEncodableShape & AWSDecodableShape {
        /// Indicates the purpose of the certificate and of the key contained in the certificate.
        public let keyUsage: KeyUsage?
        /// For CA certificates, provides a path to additional information pertaining to the CA, such as revocation and policy. For more information, see Subject Information Access in RFC 5280.
        public let subjectInformationAccess: [AccessDescription]?

        public init(keyUsage: KeyUsage? = nil, subjectInformationAccess: [AccessDescription]? = nil) {
            self.keyUsage = keyUsage
            self.subjectInformationAccess = subjectInformationAccess
        }

        public func validate(name: String) throws {
            try self.subjectInformationAccess?.forEach {
                try $0.validate(name: "\(name).subjectInformationAccess[]")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case keyUsage = "KeyUsage"
            case subjectInformationAccess = "SubjectInformationAccess"
        }
    }

    public struct DeleteCertificateAuthorityRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must have the following form:   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        public let certificateAuthorityArn: String
        /// The number of days to make a CA restorable after it has been deleted. This can be anywhere from 7 to 30 days, with 30 being the default.
        public let permanentDeletionTimeInDays: Int?

        public init(certificateAuthorityArn: String, permanentDeletionTimeInDays: Int? = nil) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.permanentDeletionTimeInDays = permanentDeletionTimeInDays
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.validate(self.permanentDeletionTimeInDays, name: "permanentDeletionTimeInDays", parent: name, max: 30)
            try self.validate(self.permanentDeletionTimeInDays, name: "permanentDeletionTimeInDays", parent: name, min: 7)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case permanentDeletionTimeInDays = "PermanentDeletionTimeInDays"
        }
    }

    public struct DeletePermissionRequest: AWSEncodableShape {
        /// The Amazon Resource Number (ARN) of the private CA that issued the permissions. You can find the CA's ARN by calling the ListCertificateAuthorities action. This must have the following form:   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        public let certificateAuthorityArn: String
        /// The AWS service or identity that will have its CA permissions revoked. At this time, the only valid service principal is acm.amazonaws.com
        public let principal: String
        /// The AWS account that calls this action.
        public let sourceAccount: String?

        public init(certificateAuthorityArn: String, principal: String, sourceAccount: String? = nil) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.principal = principal
            self.sourceAccount = sourceAccount
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.validate(self.principal, name: "principal", parent: name, max: 128)
            try self.validate(self.principal, name: "principal", parent: name, min: 0)
            try self.validate(self.principal, name: "principal", parent: name, pattern: "^[^*]+$")
            try self.validate(self.sourceAccount, name: "sourceAccount", parent: name, max: 12)
            try self.validate(self.sourceAccount, name: "sourceAccount", parent: name, min: 12)
            try self.validate(self.sourceAccount, name: "sourceAccount", parent: name, pattern: "[0-9]+")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case principal = "Principal"
            case sourceAccount = "SourceAccount"
        }
    }

    public struct DeletePolicyRequest: AWSEncodableShape {
        /// The Amazon Resource Number (ARN) of the private CA that will have its policy deleted. You can find the CA's ARN by calling the ListCertificateAuthorities action. The ARN value must have the form arn:aws:acm-pca:region:account:certificate-authority/01234567-89ab-cdef-0123-0123456789ab.
        public let resourceArn: String

        public init(resourceArn: String) {
            self.resourceArn = resourceArn
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 200)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 5)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
        }

        private enum CodingKeys: String, CodingKey {
            case resourceArn = "ResourceArn"
        }
    }

    public struct DescribeCertificateAuthorityAuditReportRequest: AWSEncodableShape {
        /// The report ID returned by calling the CreateCertificateAuthorityAuditReport action.
        public let auditReportId: String
        /// The Amazon Resource Name (ARN) of the private CA. This must be of the form:  arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        public let certificateAuthorityArn: String

        public init(auditReportId: String, certificateAuthorityArn: String) {
            self.auditReportId = auditReportId
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        public func validate(name: String) throws {
            try self.validate(self.auditReportId, name: "auditReportId", parent: name, max: 36)
            try self.validate(self.auditReportId, name: "auditReportId", parent: name, min: 36)
            try self.validate(self.auditReportId, name: "auditReportId", parent: name, pattern: "[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}")
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
        }

        private enum CodingKeys: String, CodingKey {
            case auditReportId = "AuditReportId"
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct DescribeCertificateAuthorityAuditReportResponse: AWSDecodableShape {
        /// Specifies whether report creation is in progress, has succeeded, or has failed.
        public let auditReportStatus: AuditReportStatus?
        /// The date and time at which the report was created.
        public let createdAt: Date?
        /// Name of the S3 bucket that contains the report.
        public let s3BucketName: String?
        /// S3 key that uniquely identifies the report file in your S3 bucket.
        public let s3Key: String?

        public init(auditReportStatus: AuditReportStatus? = nil, createdAt: Date? = nil, s3BucketName: String? = nil, s3Key: String? = nil) {
            self.auditReportStatus = auditReportStatus
            self.createdAt = createdAt
            self.s3BucketName = s3BucketName
            self.s3Key = s3Key
        }

        private enum CodingKeys: String, CodingKey {
            case auditReportStatus = "AuditReportStatus"
            case createdAt = "CreatedAt"
            case s3BucketName = "S3BucketName"
            case s3Key = "S3Key"
        }
    }

    public struct DescribeCertificateAuthorityRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        public let certificateAuthorityArn: String

        public init(certificateAuthorityArn: String) {
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct DescribeCertificateAuthorityResponse: AWSDecodableShape {
        /// A CertificateAuthority structure that contains information about your private CA.
        public let certificateAuthority: CertificateAuthority?

        public init(certificateAuthority: CertificateAuthority? = nil) {
            self.certificateAuthority = certificateAuthority
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthority = "CertificateAuthority"
        }
    }

    public struct EdiPartyName: AWSEncodableShape & AWSDecodableShape {
        /// Specifies the name assigner.
        public let nameAssigner: String?
        /// Specifies the party name.
        public let partyName: String

        public init(nameAssigner: String? = nil, partyName: String) {
            self.nameAssigner = nameAssigner
            self.partyName = partyName
        }

        public func validate(name: String) throws {
            try self.validate(self.nameAssigner, name: "nameAssigner", parent: name, max: 256)
            try self.validate(self.nameAssigner, name: "nameAssigner", parent: name, min: 0)
            try self.validate(self.partyName, name: "partyName", parent: name, max: 256)
            try self.validate(self.partyName, name: "partyName", parent: name, min: 0)
        }

        private enum CodingKeys: String, CodingKey {
            case nameAssigner = "NameAssigner"
            case partyName = "PartyName"
        }
    }

    public struct ExtendedKeyUsage: AWSEncodableShape {
        /// Specifies a custom ExtendedKeyUsage with an object identifier (OID).
        public let extendedKeyUsageObjectIdentifier: String?
        /// Specifies a standard ExtendedKeyUsage as defined as in RFC 5280.
        public let extendedKeyUsageType: ExtendedKeyUsageType?

        public init(extendedKeyUsageObjectIdentifier: String? = nil, extendedKeyUsageType: ExtendedKeyUsageType? = nil) {
            self.extendedKeyUsageObjectIdentifier = extendedKeyUsageObjectIdentifier
            self.extendedKeyUsageType = extendedKeyUsageType
        }

        public func validate(name: String) throws {
            try self.validate(self.extendedKeyUsageObjectIdentifier, name: "extendedKeyUsageObjectIdentifier", parent: name, max: 64)
            try self.validate(self.extendedKeyUsageObjectIdentifier, name: "extendedKeyUsageObjectIdentifier", parent: name, min: 0)
            try self.validate(self.extendedKeyUsageObjectIdentifier, name: "extendedKeyUsageObjectIdentifier", parent: name, pattern: "^([0-2])\\.([0-9]|([0-3][0-9]))((\\.([0-9]+)){0,126})$")
        }

        private enum CodingKeys: String, CodingKey {
            case extendedKeyUsageObjectIdentifier = "ExtendedKeyUsageObjectIdentifier"
            case extendedKeyUsageType = "ExtendedKeyUsageType"
        }
    }

    public struct Extensions: AWSEncodableShape {
        /// Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
        public let certificatePolicies: [PolicyInformation]?
        /// Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
        public let extendedKeyUsage: [ExtendedKeyUsage]?
        public let keyUsage: KeyUsage?
        /// The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
        public let subjectAlternativeNames: [GeneralName]?

        public init(certificatePolicies: [PolicyInformation]? = nil, extendedKeyUsage: [ExtendedKeyUsage]? = nil, keyUsage: KeyUsage? = nil, subjectAlternativeNames: [GeneralName]? = nil) {
            self.certificatePolicies = certificatePolicies
            self.extendedKeyUsage = extendedKeyUsage
            self.keyUsage = keyUsage
            self.subjectAlternativeNames = subjectAlternativeNames
        }

        public func validate(name: String) throws {
            try self.certificatePolicies?.forEach {
                try $0.validate(name: "\(name).certificatePolicies[]")
            }
            try self.validate(self.certificatePolicies, name: "certificatePolicies", parent: name, max: 20)
            try self.validate(self.certificatePolicies, name: "certificatePolicies", parent: name, min: 1)
            try self.extendedKeyUsage?.forEach {
                try $0.validate(name: "\(name).extendedKeyUsage[]")
            }
            try self.validate(self.extendedKeyUsage, name: "extendedKeyUsage", parent: name, max: 20)
            try self.validate(self.extendedKeyUsage, name: "extendedKeyUsage", parent: name, min: 1)
            try self.subjectAlternativeNames?.forEach {
                try $0.validate(name: "\(name).subjectAlternativeNames[]")
            }
            try self.validate(self.subjectAlternativeNames, name: "subjectAlternativeNames", parent: name, max: 20)
            try self.validate(self.subjectAlternativeNames, name: "subjectAlternativeNames", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificatePolicies = "CertificatePolicies"
            case extendedKeyUsage = "ExtendedKeyUsage"
            case keyUsage = "KeyUsage"
            case subjectAlternativeNames = "SubjectAlternativeNames"
        }
    }

    public struct GeneralName: AWSEncodableShape & AWSDecodableShape {
        public let directoryName: ASN1Subject?
        /// Represents GeneralName as a DNS name.
        public let dnsName: String?
        /// Represents GeneralName as an EdiPartyName object.
        public let ediPartyName: EdiPartyName?
        /// Represents GeneralName as an IPv4 or IPv6 address.
        public let ipAddress: String?
        /// Represents GeneralName using an OtherName object.
        public let otherName: OtherName?
        ///  Represents GeneralName as an object identifier (OID).
        public let registeredId: String?
        /// Represents GeneralName as an RFC 822 email address.
        public let rfc822Name: String?
        /// Represents GeneralName as a URI.
        public let uniformResourceIdentifier: String?

        public init(directoryName: ASN1Subject? = nil, dnsName: String? = nil, ediPartyName: EdiPartyName? = nil, ipAddress: String? = nil, otherName: OtherName? = nil, registeredId: String? = nil, rfc822Name: String? = nil, uniformResourceIdentifier: String? = nil) {
            self.directoryName = directoryName
            self.dnsName = dnsName
            self.ediPartyName = ediPartyName
            self.ipAddress = ipAddress
            self.otherName = otherName
            self.registeredId = registeredId
            self.rfc822Name = rfc822Name
            self.uniformResourceIdentifier = uniformResourceIdentifier
        }

        public func validate(name: String) throws {
            try self.directoryName?.validate(name: "\(name).directoryName")
            try self.validate(self.dnsName, name: "dnsName", parent: name, max: 253)
            try self.validate(self.dnsName, name: "dnsName", parent: name, min: 0)
            try self.ediPartyName?.validate(name: "\(name).ediPartyName")
            try self.validate(self.ipAddress, name: "ipAddress", parent: name, max: 39)
            try self.validate(self.ipAddress, name: "ipAddress", parent: name, min: 0)
            try self.otherName?.validate(name: "\(name).otherName")
            try self.validate(self.registeredId, name: "registeredId", parent: name, max: 64)
            try self.validate(self.registeredId, name: "registeredId", parent: name, min: 0)
            try self.validate(self.registeredId, name: "registeredId", parent: name, pattern: "^([0-2])\\.([0-9]|([0-3][0-9]))((\\.([0-9]+)){0,126})$")
            try self.validate(self.rfc822Name, name: "rfc822Name", parent: name, max: 256)
            try self.validate(self.rfc822Name, name: "rfc822Name", parent: name, min: 0)
            try self.validate(self.uniformResourceIdentifier, name: "uniformResourceIdentifier", parent: name, max: 253)
            try self.validate(self.uniformResourceIdentifier, name: "uniformResourceIdentifier", parent: name, min: 0)
        }

        private enum CodingKeys: String, CodingKey {
            case directoryName = "DirectoryName"
            case dnsName = "DnsName"
            case ediPartyName = "EdiPartyName"
            case ipAddress = "IpAddress"
            case otherName = "OtherName"
            case registeredId = "RegisteredId"
            case rfc822Name = "Rfc822Name"
            case uniformResourceIdentifier = "UniformResourceIdentifier"
        }
    }

    public struct GetCertificateAuthorityCertificateRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of your private CA. This is of the form:  arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        public let certificateAuthorityArn: String

        public init(certificateAuthorityArn: String) {
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct GetCertificateAuthorityCertificateResponse: AWSDecodableShape {
        /// Base64-encoded certificate authority (CA) certificate.
        public let certificate: String?
        /// Base64-encoded certificate chain that includes any intermediate certificates and chains up to root certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. If this is a root CA, the value will be null.
        public let certificateChain: String?

        public init(certificate: String? = nil, certificateChain: String? = nil) {
            self.certificate = certificate
            self.certificateChain = certificateChain
        }

        private enum CodingKeys: String, CodingKey {
            case certificate = "Certificate"
            case certificateChain = "CertificateChain"
        }
    }

    public struct GetCertificateAuthorityCsrRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        public let certificateAuthorityArn: String

        public init(certificateAuthorityArn: String) {
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct GetCertificateAuthorityCsrResponse: AWSDecodableShape {
        /// The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
        public let csr: String?

        public init(csr: String? = nil) {
            self.csr = csr
        }

        private enum CodingKeys: String, CodingKey {
            case csr = "Csr"
        }
    }

    public struct GetCertificateRequest: AWSEncodableShape {
        /// The ARN of the issued certificate. The ARN contains the certificate serial number and must be in the following form:   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
        public let certificateArn: String
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        public let certificateAuthorityArn: String

        public init(certificateArn: String, certificateAuthorityArn: String) {
            self.certificateArn = certificateArn
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateArn, name: "certificateArn", parent: name, max: 200)
            try self.validate(self.certificateArn, name: "certificateArn", parent: name, min: 5)
            try self.validate(self.certificateArn, name: "certificateArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateArn = "CertificateArn"
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct GetCertificateResponse: AWSDecodableShape {
        /// The base64 PEM-encoded certificate specified by the CertificateArn parameter.
        public let certificate: String?
        /// The base64 PEM-encoded certificate chain that chains up to the root CA certificate that you used to sign your private CA certificate.
        public let certificateChain: String?

        public init(certificate: String? = nil, certificateChain: String? = nil) {
            self.certificate = certificate
            self.certificateChain = certificateChain
        }

        private enum CodingKeys: String, CodingKey {
            case certificate = "Certificate"
            case certificateChain = "CertificateChain"
        }
    }

    public struct GetPolicyRequest: AWSEncodableShape {
        /// The Amazon Resource Number (ARN) of the private CA that will have its policy retrieved. You can find the CA's ARN by calling the ListCertificateAuthorities action.
        public let resourceArn: String

        public init(resourceArn: String) {
            self.resourceArn = resourceArn
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 200)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 5)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
        }

        private enum CodingKeys: String, CodingKey {
            case resourceArn = "ResourceArn"
        }
    }

    public struct GetPolicyResponse: AWSDecodableShape {
        /// The policy attached to the private CA as a JSON document.
        public let policy: String?

        public init(policy: String? = nil) {
            self.policy = policy
        }

        private enum CodingKeys: String, CodingKey {
            case policy = "Policy"
        }
    }

    public struct ImportCertificateAuthorityCertificateRequest: AWSEncodableShape {
        /// The PEM-encoded certificate for a private CA. This may be a self-signed certificate in the case of a root CA, or it may be signed by another CA that you control.
        public let certificate: Data
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        public let certificateAuthorityArn: String
        /// A PEM-encoded file that contains all of your certificates, other than the certificate you're importing, chaining up to your root CA. Your ACM Private CA-hosted or on-premises root certificate is the last in the chain, and each certificate in the chain signs the one preceding.  This parameter must be supplied when you import a subordinate CA. When you import a root CA, there is no chain.
        public let certificateChain: Data?

        public init(certificate: Data, certificateAuthorityArn: String, certificateChain: Data? = nil) {
            self.certificate = certificate
            self.certificateAuthorityArn = certificateAuthorityArn
            self.certificateChain = certificateChain
        }

        public func validate(name: String) throws {
            try self.validate(self.certificate, name: "certificate", parent: name, max: 32768)
            try self.validate(self.certificate, name: "certificate", parent: name, min: 1)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.validate(self.certificateChain, name: "certificateChain", parent: name, max: 2_097_152)
            try self.validate(self.certificateChain, name: "certificateChain", parent: name, min: 0)
        }

        private enum CodingKeys: String, CodingKey {
            case certificate = "Certificate"
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case certificateChain = "CertificateChain"
        }
    }

    public struct IssueCertificateRequest: AWSEncodableShape {
        /// Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored. For more information about using these templates, see Understanding Certificate Templates. If conflicting or duplicate certificate information is supplied during certificate issuance, ACM Private CA applies order of operation rules to determine what information is used.
        public let apiPassthrough: ApiPassthrough?
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:  arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        public let certificateAuthorityArn: String
        /// The certificate signing request (CSR) for the certificate you want to issue. As an example, you can use the following OpenSSL command to create the CSR and a 2048 bit RSA private key.   openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr  If you have a configuration file, you can then use the following OpenSSL command. The usr_cert block in the configuration file contains your X509 version 3 extensions.   openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days -365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr  Note: A CSR must provide either a subject name or a subject alternative name or the request will be rejected.
        public let csr: Data
        /// Alphanumeric string that can be used to distinguish between calls to the IssueCertificate action. Idempotency tokens for IssueCertificate time out after one minute. Therefore, if you call IssueCertificate multiple times with the same idempotency token within one minute, ACM Private CA recognizes that you are requesting only one certificate and will issue only one. If you change the idempotency token for each call, PCA recognizes that you are requesting multiple certificates.
        public let idempotencyToken: String?
        /// The name of the algorithm that will be used to sign the certificate to be issued.  This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action.
        public let signingAlgorithm: SigningAlgorithm
        /// Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, ACM Private CA defaults to the EndEntityCertificate/V1 template. For CA certificates, you should choose the shortest path length that meets your needs. The path length is indicated by the PathLenN portion of the ARN, where N is the CA depth. Note: The CA depth configured on a subordinate CA certificate must not exceed the limit set by its parents in the CA hierarchy. For a list of TemplateArn values supported by ACM Private CA, see Understanding Certificate Templates.
        public let templateArn: String?
        /// Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280.  This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value. The end of the validity period configured on a certificate must not exceed the limit set on its parents in the CA hierarchy.
        public let validity: Validity
        /// Information describing the start of the validity period of the certificate. This parameter sets the “Not Before" date for the certificate. By default, when issuing a certificate, ACM Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the “Not Before” value.  Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE. For more information, see Validity in this API reference and Validity in RFC 5280.
        public let validityNotBefore: Validity?

        public init(apiPassthrough: ApiPassthrough? = nil, certificateAuthorityArn: String, csr: Data, idempotencyToken: String? = nil, signingAlgorithm: SigningAlgorithm, templateArn: String? = nil, validity: Validity, validityNotBefore: Validity? = nil) {
            self.apiPassthrough = apiPassthrough
            self.certificateAuthorityArn = certificateAuthorityArn
            self.csr = csr
            self.idempotencyToken = idempotencyToken
            self.signingAlgorithm = signingAlgorithm
            self.templateArn = templateArn
            self.validity = validity
            self.validityNotBefore = validityNotBefore
        }

        public func validate(name: String) throws {
            try self.apiPassthrough?.validate(name: "\(name).apiPassthrough")
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.validate(self.csr, name: "csr", parent: name, max: 32768)
            try self.validate(self.csr, name: "csr", parent: name, min: 1)
            try self.validate(self.idempotencyToken, name: "idempotencyToken", parent: name, max: 36)
            try self.validate(self.idempotencyToken, name: "idempotencyToken", parent: name, min: 1)
            try self.validate(self.idempotencyToken, name: "idempotencyToken", parent: name, pattern: "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]*")
            try self.validate(self.templateArn, name: "templateArn", parent: name, max: 200)
            try self.validate(self.templateArn, name: "templateArn", parent: name, min: 5)
            try self.validate(self.templateArn, name: "templateArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.validity.validate(name: "\(name).validity")
            try self.validityNotBefore?.validate(name: "\(name).validityNotBefore")
        }

        private enum CodingKeys: String, CodingKey {
            case apiPassthrough = "ApiPassthrough"
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case csr = "Csr"
            case idempotencyToken = "IdempotencyToken"
            case signingAlgorithm = "SigningAlgorithm"
            case templateArn = "TemplateArn"
            case validity = "Validity"
            case validityNotBefore = "ValidityNotBefore"
        }
    }

    public struct IssueCertificateResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the issued certificate and the certificate serial number. This is of the form:  arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
        public let certificateArn: String?

        public init(certificateArn: String? = nil) {
            self.certificateArn = certificateArn
        }

        private enum CodingKeys: String, CodingKey {
            case certificateArn = "CertificateArn"
        }
    }

    public struct KeyUsage: AWSEncodableShape & AWSDecodableShape {
        /// Key can be used to sign CRLs.
        public let cRLSign: Bool?
        /// Key can be used to decipher data.
        public let dataEncipherment: Bool?
        /// Key can be used only to decipher data.
        public let decipherOnly: Bool?
        ///  Key can be used for digital signing.
        public let digitalSignature: Bool?
        /// Key can be used only to encipher data.
        public let encipherOnly: Bool?
        /// Key can be used in a key-agreement protocol.
        public let keyAgreement: Bool?
        /// Key can be used to sign certificates.
        public let keyCertSign: Bool?
        /// Key can be used to encipher data.
        public let keyEncipherment: Bool?
        /// Key can be used for non-repudiation.
        public let nonRepudiation: Bool?

        public init(cRLSign: Bool? = nil, dataEncipherment: Bool? = nil, decipherOnly: Bool? = nil, digitalSignature: Bool? = nil, encipherOnly: Bool? = nil, keyAgreement: Bool? = nil, keyCertSign: Bool? = nil, keyEncipherment: Bool? = nil, nonRepudiation: Bool? = nil) {
            self.cRLSign = cRLSign
            self.dataEncipherment = dataEncipherment
            self.decipherOnly = decipherOnly
            self.digitalSignature = digitalSignature
            self.encipherOnly = encipherOnly
            self.keyAgreement = keyAgreement
            self.keyCertSign = keyCertSign
            self.keyEncipherment = keyEncipherment
            self.nonRepudiation = nonRepudiation
        }

        private enum CodingKeys: String, CodingKey {
            case cRLSign = "CRLSign"
            case dataEncipherment = "DataEncipherment"
            case decipherOnly = "DecipherOnly"
            case digitalSignature = "DigitalSignature"
            case encipherOnly = "EncipherOnly"
            case keyAgreement = "KeyAgreement"
            case keyCertSign = "KeyCertSign"
            case keyEncipherment = "KeyEncipherment"
            case nonRepudiation = "NonRepudiation"
        }
    }

    public struct ListCertificateAuthoritiesRequest: AWSEncodableShape {
        /// Use this parameter when paginating results to specify the maximum number of items to return in the response on each page. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
        public let maxResults: Int?
        /// Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
        public let nextToken: String?
        /// Use this parameter to filter the returned set of certificate authorities based on their owner. The default is SELF.
        public let resourceOwner: ResourceOwner?

        public init(maxResults: Int? = nil, nextToken: String? = nil, resourceOwner: ResourceOwner? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.resourceOwner = resourceOwner
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 1000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 500)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case resourceOwner = "ResourceOwner"
        }
    }

    public struct ListCertificateAuthoritiesResponse: AWSDecodableShape {
        /// Summary information about each certificate authority you have created.
        public let certificateAuthorities: [CertificateAuthority]?
        /// When the list is truncated, this value is present and should be used for the NextToken parameter in a subsequent pagination request.
        public let nextToken: String?

        public init(certificateAuthorities: [CertificateAuthority]? = nil, nextToken: String? = nil) {
            self.certificateAuthorities = certificateAuthorities
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorities = "CertificateAuthorities"
            case nextToken = "NextToken"
        }
    }

    public struct ListPermissionsRequest: AWSEncodableShape {
        /// The Amazon Resource Number (ARN) of the private CA to inspect. You can find the ARN by calling the ListCertificateAuthorities action. This must be of the form: arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 You can get a private CA's ARN by running the ListCertificateAuthorities action.
        public let certificateAuthorityArn: String
        /// When paginating results, use this parameter to specify the maximum number of items to return in the response. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
        public let maxResults: Int?
        /// When paginating results, use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextToken from the response you just received.
        public let nextToken: String?

        public init(certificateAuthorityArn: String, maxResults: Int? = nil, nextToken: String? = nil) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 1000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 500)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListPermissionsResponse: AWSDecodableShape {
        /// When the list is truncated, this value is present and should be used for the NextToken parameter in a subsequent pagination request.
        public let nextToken: String?
        /// Summary information about each permission assigned by the specified private CA, including the action enabled, the policy provided, and the time of creation.
        public let permissions: [Permission]?

        public init(nextToken: String? = nil, permissions: [Permission]? = nil) {
            self.nextToken = nextToken
            self.permissions = permissions
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case permissions = "Permissions"
        }
    }

    public struct ListTagsRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        public let certificateAuthorityArn: String
        /// Use this parameter when paginating results to specify the maximum number of items to return in the response. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
        public let maxResults: Int?
        /// Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of NextToken from the response you just received.
        public let nextToken: String?

        public init(certificateAuthorityArn: String, maxResults: Int? = nil, nextToken: String? = nil) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 1000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 500)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListTagsResponse: AWSDecodableShape {
        /// When the list is truncated, this value is present and should be used for the NextToken parameter in a subsequent pagination request.
        public let nextToken: String?
        /// The tags associated with your private CA.
        public let tags: [Tag]?

        public init(nextToken: String? = nil, tags: [Tag]? = nil) {
            self.nextToken = nextToken
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case tags = "Tags"
        }
    }

    public struct OtherName: AWSEncodableShape & AWSDecodableShape {
        /// Specifies an OID.
        public let typeId: String
        /// Specifies an OID value.
        public let value: String

        public init(typeId: String, value: String) {
            self.typeId = typeId
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.typeId, name: "typeId", parent: name, max: 64)
            try self.validate(self.typeId, name: "typeId", parent: name, min: 0)
            try self.validate(self.typeId, name: "typeId", parent: name, pattern: "^([0-2])\\.([0-9]|([0-3][0-9]))((\\.([0-9]+)){0,126})$")
            try self.validate(self.value, name: "value", parent: name, max: 256)
            try self.validate(self.value, name: "value", parent: name, min: 0)
        }

        private enum CodingKeys: String, CodingKey {
            case typeId = "TypeId"
            case value = "Value"
        }
    }

    public struct Permission: AWSDecodableShape {
        /// The private CA actions that can be performed by the designated AWS service.
        public let actions: [ActionType]?
        /// The Amazon Resource Number (ARN) of the private CA from which the permission was issued.
        public let certificateAuthorityArn: String?
        /// The time at which the permission was created.
        public let createdAt: Date?
        /// The name of the policy that is associated with the permission.
        public let policy: String?
        /// The AWS service or entity that holds the permission. At this time, the only valid principal is acm.amazonaws.com.
        public let principal: String?
        /// The ID of the account that assigned the permission.
        public let sourceAccount: String?

        public init(actions: [ActionType]? = nil, certificateAuthorityArn: String? = nil, createdAt: Date? = nil, policy: String? = nil, principal: String? = nil, sourceAccount: String? = nil) {
            self.actions = actions
            self.certificateAuthorityArn = certificateAuthorityArn
            self.createdAt = createdAt
            self.policy = policy
            self.principal = principal
            self.sourceAccount = sourceAccount
        }

        private enum CodingKeys: String, CodingKey {
            case actions = "Actions"
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case createdAt = "CreatedAt"
            case policy = "Policy"
            case principal = "Principal"
            case sourceAccount = "SourceAccount"
        }
    }

    public struct PolicyInformation: AWSEncodableShape {
        /// Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
        public let certPolicyId: String
        /// Modifies the given CertPolicyId with a qualifier. ACM Private CA supports the certification practice statement (CPS) qualifier.
        public let policyQualifiers: [PolicyQualifierInfo]?

        public init(certPolicyId: String, policyQualifiers: [PolicyQualifierInfo]? = nil) {
            self.certPolicyId = certPolicyId
            self.policyQualifiers = policyQualifiers
        }

        public func validate(name: String) throws {
            try self.validate(self.certPolicyId, name: "certPolicyId", parent: name, max: 64)
            try self.validate(self.certPolicyId, name: "certPolicyId", parent: name, min: 0)
            try self.validate(self.certPolicyId, name: "certPolicyId", parent: name, pattern: "^([0-2])\\.([0-9]|([0-3][0-9]))((\\.([0-9]+)){0,126})$")
            try self.policyQualifiers?.forEach {
                try $0.validate(name: "\(name).policyQualifiers[]")
            }
            try self.validate(self.policyQualifiers, name: "policyQualifiers", parent: name, max: 20)
            try self.validate(self.policyQualifiers, name: "policyQualifiers", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certPolicyId = "CertPolicyId"
            case policyQualifiers = "PolicyQualifiers"
        }
    }

    public struct PolicyQualifierInfo: AWSEncodableShape {
        /// Identifies the qualifier modifying a CertPolicyId.
        public let policyQualifierId: PolicyQualifierId
        /// Defines the qualifier type. ACM Private CA supports the use of a URI for a CPS qualifier in this field.
        public let qualifier: Qualifier

        public init(policyQualifierId: PolicyQualifierId, qualifier: Qualifier) {
            self.policyQualifierId = policyQualifierId
            self.qualifier = qualifier
        }

        public func validate(name: String) throws {
            try self.qualifier.validate(name: "\(name).qualifier")
        }

        private enum CodingKeys: String, CodingKey {
            case policyQualifierId = "PolicyQualifierId"
            case qualifier = "Qualifier"
        }
    }

    public struct PutPolicyRequest: AWSEncodableShape {
        /// The path and file name of a JSON-formatted IAM policy to attach to the specified private CA resource. If this policy does not contain all required statements or if it includes any statement that is not allowed, the PutPolicy action returns an InvalidPolicyException. For information about IAM policy and statement structure, see Overview of JSON Policies.
        public let policy: String
        /// The Amazon Resource Number (ARN) of the private CA to associate with the policy. The ARN of the CA can be found by calling the ListCertificateAuthorities action.
        public let resourceArn: String

        public init(policy: String, resourceArn: String) {
            self.policy = policy
            self.resourceArn = resourceArn
        }

        public func validate(name: String) throws {
            try self.validate(self.policy, name: "policy", parent: name, max: 20480)
            try self.validate(self.policy, name: "policy", parent: name, min: 1)
            try self.validate(self.policy, name: "policy", parent: name, pattern: "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+")
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 200)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 5)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
        }

        private enum CodingKeys: String, CodingKey {
            case policy = "Policy"
            case resourceArn = "ResourceArn"
        }
    }

    public struct Qualifier: AWSEncodableShape {
        /// Contains a pointer to a certification practice statement (CPS) published by the CA.
        public let cpsUri: String

        public init(cpsUri: String) {
            self.cpsUri = cpsUri
        }

        public func validate(name: String) throws {
            try self.validate(self.cpsUri, name: "cpsUri", parent: name, max: 256)
            try self.validate(self.cpsUri, name: "cpsUri", parent: name, min: 0)
        }

        private enum CodingKeys: String, CodingKey {
            case cpsUri = "CpsUri"
        }
    }

    public struct RestoreCertificateAuthorityRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        public let certificateAuthorityArn: String

        public init(certificateAuthorityArn: String) {
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct RevocationConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
        public let crlConfiguration: CrlConfiguration?

        public init(crlConfiguration: CrlConfiguration? = nil) {
            self.crlConfiguration = crlConfiguration
        }

        public func validate(name: String) throws {
            try self.crlConfiguration?.validate(name: "\(name).crlConfiguration")
        }

        private enum CodingKeys: String, CodingKey {
            case crlConfiguration = "CrlConfiguration"
        }
    }

    public struct RevokeCertificateRequest: AWSEncodableShape {
        /// Amazon Resource Name (ARN) of the private CA that issued the certificate to be revoked. This must be of the form:  arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        public let certificateAuthorityArn: String
        /// Serial number of the certificate to be revoked. This must be in hexadecimal format. You can retrieve the serial number by calling GetCertificate with the Amazon Resource Name (ARN) of the certificate you want and the ARN of your private CA. The GetCertificate action retrieves the certificate in the PEM format. You can use the following OpenSSL command to list the certificate in text format and copy the hexadecimal serial number.   openssl x509 -in file_path -text -noout  You can also copy the serial number from the console or use the DescribeCertificate action in the AWS Certificate Manager API Reference.
        public let certificateSerial: String
        /// Specifies why you revoked the certificate.
        public let revocationReason: RevocationReason

        public init(certificateAuthorityArn: String, certificateSerial: String, revocationReason: RevocationReason) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.certificateSerial = certificateSerial
            self.revocationReason = revocationReason
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.validate(self.certificateSerial, name: "certificateSerial", parent: name, max: 128)
            try self.validate(self.certificateSerial, name: "certificateSerial", parent: name, min: 0)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case certificateSerial = "CertificateSerial"
            case revocationReason = "RevocationReason"
        }
    }

    public struct Tag: AWSEncodableShape & AWSDecodableShape {
        /// Key (name) of the tag.
        public let key: String
        /// Value of the tag.
        public let value: String?

        public init(key: String, value: String? = nil) {
            self.key = key
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.key, name: "key", parent: name, max: 128)
            try self.validate(self.key, name: "key", parent: name, min: 1)
            try self.validate(self.key, name: "key", parent: name, pattern: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$")
            try self.validate(self.value, name: "value", parent: name, max: 256)
            try self.validate(self.value, name: "value", parent: name, min: 0)
            try self.validate(self.value, name: "value", parent: name, pattern: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$")
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
            case value = "Value"
        }
    }

    public struct TagCertificateAuthorityRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        public let certificateAuthorityArn: String
        /// List of tags to be associated with the CA.
        public let tags: [Tag]

        public init(certificateAuthorityArn: String, tags: [Tag]) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
            try self.validate(self.tags, name: "tags", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case tags = "Tags"
        }
    }

    public struct UntagCertificateAuthorityRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:   arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        public let certificateAuthorityArn: String
        /// List of tags to be removed from the CA.
        public let tags: [Tag]

        public init(certificateAuthorityArn: String, tags: [Tag]) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
            try self.validate(self.tags, name: "tags", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case tags = "Tags"
        }
    }

    public struct UpdateCertificateAuthorityRequest: AWSEncodableShape {
        /// Amazon Resource Name (ARN) of the private CA that issued the certificate to be revoked. This must be of the form:  arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        public let certificateAuthorityArn: String
        /// Revocation information for your private CA.
        public let revocationConfiguration: RevocationConfiguration?
        /// Status of your private CA.
        public let status: CertificateAuthorityStatus?

        public init(certificateAuthorityArn: String, revocationConfiguration: RevocationConfiguration? = nil, status: CertificateAuthorityStatus? = nil) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.revocationConfiguration = revocationConfiguration
            self.status = status
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*")
            try self.revocationConfiguration?.validate(name: "\(name).revocationConfiguration")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case revocationConfiguration = "RevocationConfiguration"
            case status = "Status"
        }
    }

    public struct Validity: AWSEncodableShape {
        /// Determines how ACM Private CA interprets the Value parameter, an integer. Supported validity types include those listed below. Type definitions with values include a sample input value and the resulting output.   END_DATE: The specific date and time when the certificate will expire, expressed using UTCTime (YYMMDDHHMMSS) or GeneralizedTime (YYYYMMDDHHMMSS) format. When UTCTime is used, if the year field (YY) is greater than or equal to 50, the year is interpreted as 19YY. If the year field is less than 50, the year is interpreted as 20YY.   Sample input value: 491231235959 (UTCTime format)   Output expiration date/time: 12/31/2049 23:59:59    ABSOLUTE: The specific date and time when the validity of a certificate will start or expire, expressed in seconds since the Unix Epoch.    Sample input value: 2524608000   Output expiration date/time: 01/01/2050 00:00:00    DAYS, MONTHS, YEARS: The relative time from the moment of issuance until the certificate will expire, expressed in days, months, or years.  Example if DAYS, issued on 10/12/2020 at 12:34:54 UTC:   Sample input value: 90   Output expiration date: 01/10/2020 12:34:54 UTC   The minimum validity duration for a certificate using relative time (DAYS) is one day. The minimum validity for a certificate using absolute time (ABSOLUTE or END_DATE) is one second.
        public let type: ValidityPeriodType
        /// A long integer interpreted according to the value of Type, below.
        public let value: Int64

        public init(type: ValidityPeriodType, value: Int64) {
            self.type = type
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.value, name: "value", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case type = "Type"
            case value = "Value"
        }
    }
}
